Through a partnership between Library and Technology Services (LTS) and Human Resources (HR), Lehigh employees will soon have access to learning tools from the security awareness and compliance training solution provider KnowBe4.
As Lehigh’s Chief Information Security Officer, the integrity and safety of the university’s data is what keeps Eric Zematis up at night. Criminals and scammers are always looking for a way into large organizations.
In his 25-year career in higher education IT, Eric has learned that the weakest link in any information security chain is the part he has the least control over - human error. That’s why, when he arrived at Lehigh two years ago, Eric started looking for a training solution to help the university’s staff better understand their role in keeping the university’s sensitive data safe from hackers and phishing attacks.
As he searched for the right option, he reached out to Human Resources. “HR is a good partner for those of us in information security because they typically touch most, if not all, the staff and faculty on campus. It's really a natural collaboration,” he said.
Tarah Cicero, Learning Design and Development Specialist, said that HR’s priority was a service that included a range of training for compliance with federal laws including HIPAA and FERPA.
“What really attracted me to KnowBe4 is that their compliance training programs are automatically updated,” she said. “It can be a heavy lift for an organization like Lehigh to ensure that they are training on the most current version of a law given staff turnover and the frequent changes that occur with various regulations.”
KnowBe4’s products include security awareness training modules as well as simulated phishing attacks that will send an email to employees designed to mimic a real phishing scam. “If an employee is fooled by the phishing simulation, they won’t do any harm to Lehigh’s information systems,” Eric explained. “Instead, the link will take them to additional training that will help them understand how to better recognize the warning signs in such an email.”
Simulated attacks can be deployed to a specific department or unit. Eric will be working with managers to determine when and where to use this tool.
In addition to compliance training, Tarah also sees opportunities for supervisory training through KnowBe4 that will supplement Lehigh’s CE@L career enrichment programs. “There are courses in wage and hour basics, the Family Medical Leave Act, disability discrimination, avoiding conflicts of interest, and other topics that pertain directly to supervisor’s responsibilities,” she said. “We’re building a subset of courses from KnowBe4 that we’ll share with managers in the coming months that we think will enhance their skills and knowledge in important ways.”
Tarah has reviewed a lot of training videos and products over the years, and she’s impressed by KnowBe4’s quality. “One of the things I think is pretty cool about this platform is that in addition to self-guided courses, it also offers Netflix-style short video series that are really entertaining,” she said.
Staff and faculty won’t have direct access to all of KnowBe4’s materials due to capacity limits. Instead, Eric and Tarah will be consulting with managers whose offices and divisions can benefit the most from specific training opportunities. The LTS Help Desk will also be trained to support the KnowBe4 platform if a user encounters a problem.
“We hope that by providing managers with self-guided training, they’ll feel empowered and keep information security and compliance issues in mind as they guide their employees,” Eric noted. “I welcome supervisors who would like to discuss not only using KnowBe4 but any concerns they may have about information security in their area to reach out to me as well.”
Additional Training and Enrichment Resources for Staff and Faculty
Even if you aren’t one of the first to have access to KnowBe4, there are other resources provided by Lehigh HR and LTS that you can take advantage of: